CVE-2021-3857
chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
Source: CVE-2021-3857
[월:] 2022년 01월
CVE-2022-0184
CVE-2022-0184
Insufficiently protected credentials vulnerability in ‘TEPRA’ PRO SR5900P Ver.1.080 and earlier and ‘TEPRA’ PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode.
Source: CVE-2022-0184
CVE-2022-0183
CVE-2022-0183
Missing encryption of sensitive data vulnerability in ‘MIRUPASS’ PW10 firmware all versions and ‘MIRUPASS’ PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords.
Source: CVE-2022-0183
CVE-2022-0181
CVE-2022-0181
Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Source: CVE-2022-0181
CVE-2022-0182
CVE-2022-0182
Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master.
Source: CVE-2022-0182
CVE-2022-0131
CVE-2022-0131
Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
Source: CVE-2022-0131
CVE-2022-0180
CVE-2022-0180
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.
Source: CVE-2022-0180
CVE-2021-4171
CVE-2022-0239
CVE-2022-0239
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Source: CVE-2022-0239
CVE-2022-23304
CVE-2022-23304
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
Source: CVE-2022-23304